authordanielsdeleo <dan@opscode.com>2013-10-18 11:50:31 -0700
committerdanielsdeleo <dan@opscode.com>2013-10-18 11:50:31 -0700
commita8eabfdc15547203e2c326680752e67c17c430a9 (patch)
tree0a122daa16ffd3cd64685c858c42ce9f09cbff67
parent4761c2e27ddb8dafcf224e4c51d3146ceba1f26f (diff)
parentb0e918b22ae15a58af61c16509fafe82dc97cc16 (diff)
Merge branch 'duplicate-cert-fix'
-rw-r--r--lib/chef/http/ssl_policies.rb10
-rw-r--r--spec/unit/http/ssl_policies_spec.rb9
2 files changed, 18 insertions, 1 deletions
diff --git a/lib/chef/http/ssl_policies.rb b/lib/chef/http/ssl_policies.rb
index 17b46a6762..f2a9c5b845 100644
--- a/lib/chef/http/ssl_policies.rb
+++ b/lib/chef/http/ssl_policies.rb
@@ -79,7 +79,7 @@ class Chef
certs = Dir.glob(File.join(config.trusted_certs_dir, "*.{crt,pem}"))
certs.each do |cert_file|
cert = OpenSSL::X509::Certificate.new(File.read(cert_file))
- http_client.cert_store.add_cert(cert)
+ add_trusted_cert(cert)
end
end
end
@@ -104,6 +104,14 @@ class Chef
Chef::Config
end
+ private
+
+ def add_trusted_cert(cert)
+ http_client.cert_store.add_cert(cert)
+ rescue OpenSSL::X509::StoreError => e
+ raise e unless e.message == 'cert already in hash table'
+ end
+
end
class APISSLPolicy < DefaultSSLPolicy
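Review bot: The rescue in `add_trusted_cert` decides whether to swallow the `OpenSSL::X509::StoreError` by exact string equality with `'cert already in hash table'`, and that text is produced by the OpenSSL library rather than by this code, so it may be worded or prefixed differently across OpenSSL/Ruby builds. A mismatch fails closed (the error is re-raised), so the risk is a client that aborts on a duplicate file in `trusted_certs_dir` rather than a weakened trust store, but a substring match such as `raise unless e.message.include?('cert already in hash table')` would be less brittle. The skip is also silent; a `Chef::Log.debug("Skipping duplicate trusted cert: #{cert.subject}")` in the tolerated branch would let an operator see which certificate was ignored. A short comment above the rescue stating that only the duplicate case is tolerated and every other store error must propagate would keep the handler from being widened later.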
diff --git a/spec/unit/http/ssl_policies_spec.rb b/spec/unit/http/ssl_policies_spec.rb
index c80f989180..b95e13a370 100644
--- a/spec/unit/http/ssl_policies_spec.rb
+++ b/spec/unit/http/ssl_policies_spec.rb
@@ -139,6 +139,15 @@ describe "HTTP SSL Policy" do
# The system under test **SHOULD** do both of these things.
http_client.cert_store.verify(additional_pem).should be_true
end
+
+ context "and some certs are duplicates" do
+ it "skips duplicate certs" do
+ # For whatever reason, OpenSSL errors out when adding a
+ # cert you already have to the certificate store.
+ ssl_policy.set_custom_certs
+ ssl_policy.set_custom_certs #should not raise an error
+ end
+ end
end
end
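Review bot: The new example only shows that a second `set_custom_certs` call does not raise; nothing pins the other half of the handler, namely that a `StoreError` with any other message still propagates. Without that, a later change that broadens the rescue to swallow every store error would pass this suite while hiding genuine certificate-store failures. Consider a second example that stubs `add_cert` to raise `OpenSSL::X509::StoreError.new('other failure')` and expects `set_custom_certs` to raise, and repeat `http_client.cert_store.verify(additional_pem).should be_true` after the duplicate call so the store is shown to still trust the cert. The enclosing context that sets up `additional_pem` starts outside this hunk.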